COSCUP 2024

Your locale preferences have been saved. We like to think that we have excellent support for English in pretalx, but if you encounter issues or errors, please contact us!

Improving FOSS Security
2024-08-03, 10:00–10:30 (Asia/Taipei), TR413-1

This talk is about best practices FOSS projects can use to preempt and respond to vulnerabilities. How security reports are received and how security patches are announced makes a huge impact on overall security. A few precautions and a plan goes a long way to protect end users. For example, every project should have a Security Policy so that researchers know where to report an issue. And a plan for who to notify during coordinated response disclosure will make communication smoother. This talk is for FOSS projects who want to protect their users by taking responsibility of their security.

I am an Ubuntu Security member who focuses on security maintenance, auditing software, coordinating vulnerabilities, and working to harden Ubuntu compiler flags.